OWASP Security Baseline Project

Main

Project Description

• Benchmark security of enterprise products/services against OWASP Top 10 (and other) Security Risks

• Open and comprehensive security assessments of enterprise products/services

• Guidance/support for vendor-independent security verification of enterprise products/services

Project Goals

• Establishing an OWASP community which actively identifies products/services and devises suitable security test plans

• actively identify => use/work with/test/research it

• Benchmarking security of tested solutions using OWASP security guidelines and tools (OWASP Web Testing Environment/OWASP Live CD, etc), open-source testing tools
• Collaborating with softwre vendors on improving security of assessed frameworks/products/services
• Increasing awareness on available OWASP resources (guidelines, tools,etc)

Project Roadmap

Alpha

• devise testing methodology mapping to OWASP Top 10 Security Risks, including test plan, techniques, tools, etc
• establish disclosure policy

Beta

• publish testing methodology
• publish major case study
• gather community support

Stable

• assess major products/services and publish the outcome
• collaborate with vendors to improve security of assessed solutions
• framework in pace for assessing other classes of products/services
• coordinate and publish community-validated results

Work in Progress

• Benchmarking Enterprise E-mail Security Solutions (including Google Message Security SaaS)
• Benchmarking Enterprise Social Networking Platforms
• ...

Call for Participation

Anyone with an interest in improving application security

• Security Engineers
• Security Analysts
• Penetration Testers
• Security Researchers
• Software Developers
• …

 If you find an issue, don’t stop testing! There is a very good chance there are few more :) 

Project About